Tag Archives: professional-ethics

Most employees think they are indispensable to their employers, but in fact, most employees are easily replaced. A recent legal ruling involved an IT manager who sought job security by holding “the keys to the kingdom”–the passwords to the company’s computer network that only he possessed. His plan didn’t become a fast track to climbing the corporate ladder; instead, it led to his relocation into a jail cell.

Terry Childs was principal network engineer for Department of Telecommunications and Information Services (DTIS) of the City and County of San Francisco. He apparently distrusted his co-workers and sought to make himself unfireable, so he arranged to become the only person with his network’s passwords. When he was suspended from his job, he refused to divulge the passwords so that his employer could reassume control over its network…

For taking these steps, Childs was convicted of violating California’s state computer crime law (California Penal Code Sec. 502(c)(5)), which criminalizes taking an action that “knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network.” He was sentenced to four years in prison and ordered to pay nearly $1.5 million in restitution, the bulk of which compensates the employer for its post-firing efforts to find and fix Childs’ backdoors. Last month, a California appeals court upheld the conviction and restitution order.

I imagine many IT employees and software engineers fantasize about how they will “stick it to the man” through backdoors or password-hoarding if they are ever fired from their jobs. Fantasies are fine, but actually implementing the plan could turn into a criminal nightmare.

How to lose $172,222 a second for 45 minutesThis is probably the most painful bug report I’ve ever read, describing in glorious technicolor the steps leading to Knight Capital’s $465m trading loss due to a software bug that struck late last year, effectively bankrupting the company.

The tale has all the hallmarks of technical debt in a huge, unmaintained, bitrotten codebase the bug itself due to code that hadn’t been used for 8 years, and a really poor, undisciplined devops story.